CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39363
https://notcve.org/view.php?id=CVE-2021-39363
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. Los dispositivos Honeywell HDZP252DI versión 1.00.HW02.4 y HBW2PER1 versión 1.000.HW01.3, permiten un ataque de repetición de vídeo tras el envenenamiento de la caché ARP • https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-01_CVE-2021-39363_Command_Injection_HDZP252DI.pdf https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices https://www.honeywell.com/us/en/product-security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39364
https://notcve.org/view.php?id=CVE-2021-39364
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. Los dispositivos Honeywell HDZP252DI versión 1.00.HW02.4 y HBW2PER1 versión 1.000.HW01.3, permiten una suplantación de comandos (para el control de la cámara) tras el envenenamiento de la caché ARP • https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-02_CVE-2021-39364_Video_Replay_HBW2PER1.pdf https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices https://www.honeywell.com/us/en/product-security • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.8EPSS: 0%CPEs: 130EXPL: 0CVE-2019-18226
https://notcve.org/view.php?id=CVE-2019-18226
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products. En las cámaras IP y grabadoras Honeywell equIP series y Performance series, una vulnerabilidad se presenta en los productos afectados donde las cámaras IP y grabadoras poseen una posible vulnerabilidad de ataque de reproducción ya que un método de autenticación débil es retenido por compatibilidad con productos heredados. • https://www.us-cert.gov/ics/advisories/icsa-19-304-04 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2019-18228
https://notcve.org/view.php?id=CVE-2019-18228
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. En las cámaras IP serie equIP de Honeywell Multiple equIP Series Cameras, una vulnerabilidad se presenta en los productos afectados donde una petición de paquete HTTP especialmente diseñada podría resultar en una denegación de servicio. • https://www.us-cert.gov/ics/advisories/icsa-19-304-02 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 118EXPL: 0CVE-2019-13523
https://notcve.org/view.php?id=CVE-2019-13523
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L. En las cámaras IP y NVRs Honeywell Performance, el servidor web integrado de los dispositivos afectados podría permitir a atacantes remotos obtener datos de configuración web en formato JSON para cámaras IP y NVR (Network Video Recorders), que pueden ser accedidos sin autenticación a través de la red. Cámaras IP Performance afectadas: HBD3PR2, H4D3PRV3, HED3PR3, H4D3PRV2, HBD3PR1, H4W8PR2, HBW8PR2, H2W2PC1M, H2W4PER3, H2W2PER3, HEW2PER3, HEW4PER3B, HBW2PER1, HEW4PER2, HEW4PER2B, HEW2PER2, H4W2PER2, HBW2PER2, H4W2PER3, y HPW2P1. • https://www.us-cert.gov/ics/advisories/icsa-19-260-03 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •